Access the Kubernetes Dashboard
Learn how to get access to the Kubernetes Dashboard.
We'll cover the following
Kubernetes proxy#
Besides checking the Kubernetes objects, there is one more thing that is good to verify, which is actually using the Dashboard.
In order to enter the installed Dashboard we need to use the kubectl proxy command (in the terminal at the end of this lesson):
Now, when we enter the address (provided right under the terminal) we should get a similar screen (most probably, before that, the browser will warn us about an insecure connection, but we can ignore it):
Get credentials to the Dashboard#
Alright, it’s working! But how do we log in? This would require more explanation. Kubernetes Dashboard is a very powerful tool because it can not only show what’s inside a cluster but also modify it. This particular feature might make it vulnerable to potential hackers. In fact, a number of companies have experienced the same, including Tesla’s cloud infrastructure which was used by hackers for Bitcoin mining. For this reason, we need to be extremely cautious when using the Kubernetes Dashboard in the production and development environment. However, we’re using a local cluster so we should be okay.
That’s why in order to enter its home page we need to provide a token. For that, we need to have a Kubernetes service account created with a specific ClusterRole bound to it, i.e., cluster-admin.
Luckily for us, together with this Helm release, a service account is created. It can be checked with kubectl, as follows:
The output will be as follows:
NAME SECRETS AGE
dashboard-kubernetes-dashboard 1 22h
default 1 31h
To grant the necessary permissions for it we need to create a ClusterRoleBinding:
The output will be as follows:
clusterrolebinding.rbac.authorization.k8s.io/dashboard-kubernetes-dashboard created
And to get the token, first we need to get a Kubernetes Secret name that is linked to the dashboard-kubernetes-dashboard service account, as below:
The output will be as follows:
Name: dashboard-kubernetes-dashboard
Namespace: monitoring
Labels: app.kubernetes.io/instance=dashboard
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kubernetes-dashboard
app.kubernetes.io/version=2.4.0
helm.sh/chart=kubernetes-dashboard-5.0.4
Annotations: meta.helm.sh/release-name: dashboard
meta.helm.sh/release-namespace: monitoring
Image pull secrets: <none>
Mountable secrets: dashboard-kubernetes-dashboard-token-btsp4
Tokens: dashboard-kubernetes-dashboard-token-btsp4
Events: <none>
It’s listed as Mountable secrets and in this case, it is called dashboard-kubernetes-dashboard-token-btsp4. To get the value of the token we will run the kubectl describe secret command:
The output will be as follows:
Name: dashboard-kubernetes-dashboard-token-btsp4
Namespace: monitoring
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-kubernetes-dashboard
kubernetes.io/service-account.uid: f2fa8ba3-7051-429a-8e2c-70c77d6d2aad
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 10 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IllDUEJBZEhBR0NvdG54YlZ0WG9VdXBhNHZNaDV3UlJObUUtOU9KV0haNlUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtb25pdG9yaW5nIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRhc2hib2FyZC1rdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1idHNwNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkYXNoYm9hcmQta3ViZXJuZXRlcy1kYXNoYm9hcmQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmMmZhOGJhMy03MDUxLTQyOWEtOGUyYy03MGM3N2Q2ZDJhYWQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6bW9uaXRvcmluZzpkYXNoYm9hcmQta3ViZXJuZXRlcy1kYXNoYm9hcmQifQ.n4v3-65KA0zSnzRFL_UuRKfOahX3fPsIjtx5X66tEpKBujpKdAkmdZUntGJUzYH-IqHfn41Q8vuMaP2NB9bTrfXIuMunEcN4lAhkX5jpyKEvfXhJIS5CgB8HQMEc4N6eq8F2kEH7foesCYOJmstAA4cKSmttoWkLErq3wyeJMD8aroGlvwP3weOKYn0I7LzwqKrlwP35SyWULQWE-6y8uwiIONoOoi9_T5LQhUxP8B4ewOnmOVHGH6sjOg2YYjVpnqjDHOS7eNquiUn-YH_jkuC24y3c8Mvb8iI0Ag6UIugZXtkkmiMiFPY3LOdA7Ov6V3QE989i7Xt7EEaVDe15mA
The last position is our token. Copy and paste it into the dashboard’s login page and click “Sign In.”
Next, navigate to the monitoring namespace located at the top of the screen, as shown below:
We can see that everything is working!
Port forwarding#
The kubectl proxy command mentioned at the beginning of this lesson enabled us to expose the dashboard over the Internet.
If we are working locally there is another approach. Instead of a proxy command, we can use kubectl port-forward:
The output will be as follows:
Forwarding from 127.0.0.1:443 -> 443
Forwarding from [::1]:8443 -> 443
To enter the dashboard we would need to use the http://localhost:443 address.
Install the Helm Chart
Setting Values during Installation